Noncompliance Fines- Fines for failing to be PCI compliant range from $5,000 to $500,000 and are levied by the acquiring bank and the card brands. A bank may pass on the cost of the forensic investigation it must perform to remediate the noncompliance. Card brands may levy fines as a penalty for noncompliance, on a schedule that escalates the longer the merchant remains noncompliant. The following table is an example of such a time-cost schedule, as used by Visa, for Level 1 and Level 2 merchants.

Months noncompliant    Level 1 merchant       Level 2 merchant
1 to 3                 $10,000 monthly        $5,000 monthly
4 to 6                 $50,000 monthly        $25,000 monthly
7 and on               $100,000 monthly       $50,000 monthly

Breach Consequences- Even a merchant that is 100% PCI compliant and validated can still suffer a breach of cardholder data. A cardholder data breach can result in the following losses for a merchant.

Calculator- This calculator gives an estimate of the penalties and costs a company may incur if a breach of customer data occurs. Inputs to the calculation include: discovery and notification costs, employee opportunity costs, customer opportunity costs, regulatory fines, civil restitution, audit costs, and other liabilities.
